Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/sap-xssec@4.1.0
Type pypi
Namespace
Name sap-xssec
Version 4.1.0
Qualifiers
Subpath
Is_vulnerable false
Next_non_vulnerable_version null
Latest_non_vulnerable_version null
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-125k-pwj6-qyb7
vulnerability_id VCID-125k-pwj6-qyb7
summary
Duplicate Advisory: Privilege escalation in sap-xssec
## Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-6mjg-37cp-42x5. This link is maintained to preserve external references.

## Original Description
SAP BTP Security Services Integration Library ([Python] sap-xssec) - versions < 4.1.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application.
references
0
reference_url https://blogs.sap.com/2023/12/12/unveiling-critical-security-updates-sap-btp-security-note-3411067
reference_id
reference_type
scores
url https://blogs.sap.com/2023/12/12/unveiling-critical-security-updates-sap-btp-security-note-3411067
1
reference_url https://github.com/SAP/cloud-pysec
reference_id
reference_type
scores
url https://github.com/SAP/cloud-pysec
2
reference_url https://me.sap.com/notes/3411067
reference_id
reference_type
scores
url https://me.sap.com/notes/3411067
3
reference_url https://pypi.org/project/sap-xssec
reference_id
reference_type
scores
url https://pypi.org/project/sap-xssec
4
reference_url https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
reference_id
reference_type
scores
url https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-50423
reference_id CVE-2023-50423
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-50423
6
reference_url https://github.com/advisories/GHSA-p99h-pfg6-qrfg
reference_id GHSA-p99h-pfg6-qrfg
reference_type
scores
url https://github.com/advisories/GHSA-p99h-pfg6-qrfg
fixed_packages
0
url pkg:pypi/sap-xssec@4.1.0
purl pkg:pypi/sap-xssec@4.1.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/sap-xssec@4.1.0
aliases GHSA-p99h-pfg6-qrfg
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-125k-pwj6-qyb7
1
url VCID-35uy-k6p8-gkcy
vulnerability_id VCID-35uy-k6p8-gkcy
summary SAP BTP Security Services Integration Library ([Python] sap-xssec) - versions < 4.1.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application.
references
0
reference_url https://blogs.sap.com/2023/12/12/unveiling-critical-security-updates-sap-btp-security-note-3411067
reference_id
reference_type
scores
url https://blogs.sap.com/2023/12/12/unveiling-critical-security-updates-sap-btp-security-note-3411067
1
reference_url https://blogs.sap.com/2023/12/12/unveiling-critical-security-updates-sap-btp-security-note-3411067/
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://blogs.sap.com/2023/12/12/unveiling-critical-security-updates-sap-btp-security-note-3411067/
2
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/sap-xssec/PYSEC-2023-261.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/sap-xssec/PYSEC-2023-261.yaml
3
reference_url https://github.com/SAP/cloud-pysec
reference_id
reference_type
scores
url https://github.com/SAP/cloud-pysec
4
reference_url https://github.com/SAP/cloud-pysec/
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://github.com/SAP/cloud-pysec/
5
reference_url https://github.com/SAP/cloud-pysec/commit/d90c9e0733fa9af68bd8ea0b1cf023cf482163ef
reference_id
reference_type
scores
url https://github.com/SAP/cloud-pysec/commit/d90c9e0733fa9af68bd8ea0b1cf023cf482163ef
6
reference_url https://github.com/SAP/cloud-pysec/security/advisories/GHSA-6mjg-37cp-42x5
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://github.com/SAP/cloud-pysec/security/advisories/GHSA-6mjg-37cp-42x5
7
reference_url https://me.sap.com/notes/3411067
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://me.sap.com/notes/3411067
8
reference_url https://pypi.org/project/sap-xssec
reference_id
reference_type
scores
url https://pypi.org/project/sap-xssec
9
reference_url https://pypi.org/project/sap-xssec/
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://pypi.org/project/sap-xssec/
10
reference_url https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-50423
reference_id CVE-2023-50423
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-50423
12
reference_url https://github.com/advisories/GHSA-6mjg-37cp-42x5
reference_id GHSA-6mjg-37cp-42x5
reference_type
scores
url https://github.com/advisories/GHSA-6mjg-37cp-42x5
fixed_packages
0
url pkg:pypi/sap-xssec@4.1.0
purl pkg:pypi/sap-xssec@4.1.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/sap-xssec@4.1.0
aliases CVE-2023-50423, GHSA-6mjg-37cp-42x5, GMS-2023-6183, PYSEC-2023-261
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-35uy-k6p8-gkcy
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/sap-xssec@4.1.0